
NRF9160 modem credential requirements

Hi,

I'm using an nRF9160 DK and am wondering how to use the credential storage system. I deleted all credentials for security tag 1, and loaded the root CA pem (not the full chain - I had trouble loading that - too large maybe? Is the full chain needed?) for my test site as credential type 0 (MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN) into security tag 1. Trying to connect to the site with security tag 1 results in -111 (-ECONNREFUSED), but only when TLS_PEER_VERIFY is set to REQUIRED (NONE or OPTIONAL makes a successful connection). Is loading only MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN enough to secure a connection, or do I need to load a client certificate also (client verification by the server is not being done)?

Do I need to load any of the other credential types into the tag if I only need server verification? Or is my problem some kind of oversight on my part?

  • Hi,

    Q1: Which mfw are you using?

    Q2: Could you load the at_client onto the failing board, and issue this AT command?

    AT%CMNG=1

    And then delete any unused certs?

    Docs for reference: https://infocenter.nordicsemi.com/topic/ref_at_commands/REF/at_commands/security/cmng_set.html?cp=2_1_11_7_0

    Kind regards,

    Håkon

  • Here's the output from LTE link monitor as I typed these commands in:

    2022-06-09T15:03:57.681Z DEBUG Application data folder: /home/erin/.config/nrfconnect/pc-nrfconnect-linkmonitor
    2022-06-09T15:03:57.739Z INFO Using nrf-device-lib-js version: 0.4.11
    2022-06-09T15:03:57.739Z INFO Using nrf-device-lib version: 0.11.8
    2022-06-09T15:03:57.739Z INFO Using nrfjprog DLL version: 10.15.4
    2022-06-09T15:03:57.739Z INFO Using JLink version: JLink_V7.65c
    2022-06-09T15:03:57.749Z DEBUG App pc-nrfconnect-linkmonitor v2.0.1 official
    2022-06-09T15:03:57.749Z DEBUG App path: /home/erin/.nrfconnect-apps/node_modules/pc-nrfconnect-linkmonitor
    2022-06-09T15:03:57.749Z DEBUG nRFConnect 3.11.1, required by the app is (^3.8.0)
    2022-06-09T15:03:57.749Z DEBUG nRFConnect path: /tmp/.mount_nrfconbLT2uZ/resources/app.asar
    2022-06-09T15:03:57.749Z DEBUG HomeDir: /home/erin
    2022-06-09T15:03:57.749Z DEBUG TmpDir: /tmp
    2022-06-09T15:03:57.750Z INFO Installed JLink version does not match the provided version (V7.58b)
    2022-06-09T15:04:02.611Z INFO Modem port is opened
    2022-06-09T15:04:02.620Z DEBUG modem >> AT+CFUN?
    2022-06-09T15:04:02.632Z DEBUG modem << +CFUN: 0
    2022-06-09T15:04:02.633Z DEBUG modem << OK
    2022-06-09T15:04:16.519Z DEBUG modem >> AT
    2022-06-09T15:04:16.531Z DEBUG modem << OK
    2022-06-09T15:04:41.858Z DEBUG modem >> AT%CMNG=1
    2022-06-09T15:04:41.879Z DEBUG modem << %CMNG: 1,0,"0000000000000000000000000000000000000000000000000000000000000000"
    2022-06-09T15:04:41.888Z DEBUG modem << %CMNG: 42,0,"0000000000000000000000000000000000000000000000000000000000000000"
    2022-06-09T15:04:41.894Z DEBUG modem << %CMNG: 16842753,0,"0000000000000000000000000000000000000000000000000000000000000000"
    2022-06-09T15:04:41.901Z DEBUG modem << %CMNG: 16842753,1,"0101010101010101010101010101010101010101010101010101010101010101"
    2022-06-09T15:04:41.909Z DEBUG modem << %CMNG: 16842753,2,"0202020202020202020202020202020202020202020202020202020202020202"
    2022-06-09T15:04:41.912Z DEBUG modem << OK
    2022-06-09T15:06:18.400Z DEBUG modem >> AT%CMNG=3,1,0
    2022-06-09T15:06:18.467Z DEBUG modem << OK
    2022-06-09T15:06:23.040Z DEBUG modem >> AT%CMNG=3,42,0
    2022-06-09T15:06:23.054Z DEBUG modem << OK
    2022-06-09T15:06:43.590Z DEBUG modem >> AT%CMNG=3,16842753,0
    2022-06-09T15:06:43.640Z DEBUG modem << OK
    2022-06-09T15:06:46.320Z DEBUG modem >> AT%CMNG=3,16842753,1
    2022-06-09T15:06:47.320Z ERROR Error: 'AT%CMNG=3,16842753,1 ' timed out
    2022-06-09T15:06:47.518Z DEBUG modem >> AT%CMNG=3,16842753,2
    2022-06-09T15:06:47.654Z DEBUG modem << OK
    2022-06-09T15:06:55.697Z DEBUG modem >> AT%CMNG=1
    2022-06-09T15:06:55.707Z DEBUG modem << ERROR
    2022-06-09T15:06:55.710Z ERROR Error: AT%CMNG=1 failed
    2022-06-09T15:07:00.629Z DEBUG modem >> AT%CMNG=1
    2022-06-09T15:07:00.646Z DEBUG modem << %CMNG: 16842753,2,"0202020202020202020202020202020202020202020202020202020202020202"
    2022-06-09T15:07:00.650Z DEBUG modem << OK
    2022-06-09T15:07:24.193Z DEBUG modem >> AT%CMNG=3,16842753,2
    2022-06-09T15:07:24.208Z DEBUG modem << OK
    2022-06-09T15:07:32.273Z DEBUG modem >> AT%CMNG=1
    2022-06-09T15:07:32.283Z DEBUG modem << OK
    2022-06-09T15:07:40.929Z DEBUG modem >> AT%CMNG=1
    2022-06-09T15:07:40.940Z DEBUG modem << OK
    2022-06-09T15:11:35.824Z DEBUG modem >> AT%SHORTSWVER
    2022-06-09T15:11:35.838Z DEBUG modem << %SHORTSWVER: nrf9160_1.1.0
    2022-06-09T15:11:35.841Z DEBUG modem << OK

    I loaded the https_example onto the DK after this and I'm still getting error 111 when TLS_PEER_VERIFY is set to required.
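As an added example (not part of the original thread and not Nordic's code): a small parser for the `modem >>` / `modem <<` lines of an LTE Link Monitor log like the one above, which reconstructs each successful `AT%CMNG=1` listing and reports whether a security tag holds a type 0 (CA chain) entry. The function names and the sample log are constructed for illustration; type numbers 1 and 2 follow the %CMNG reference linked earlier in the thread.

```python
import re

# Type numbers per the %CMNG AT command reference; type 0 is what the question
# loads as MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN.
CRED_TYPES = {0: "root CA", 1: "client certificate", 2: "client private key"}

CMD = re.compile(r"modem >> (AT\S*)")
ROW = re.compile(r'modem << %CMNG: (\d+),(\d+),"([0-9A-Fa-f]+)"')

def listings(log_text):
    """Return one {(sec_tag, type): digest} dict per successful AT%CMNG=1."""
    result, current = [], None
    for line in log_text.splitlines():
        cmd = CMD.search(line)
        if cmd:
            # Only a list command opens a listing; any other command closes it.
            current = {} if cmd.group(1) == "AT%CMNG=1" else None
            continue
        if current is None:
            continue
        row = ROW.search(line)
        if row:
            current[(int(row.group(1)), int(row.group(2)))] = row.group(3)
        elif line.rstrip().endswith("modem << OK"):
            result.append(current)
            current = None
        elif "modem << ERROR" in line:
            current = None  # a failed listing says nothing about the store
    return result

def describe(listing):
    """Human-readable summary of one listing, sorted by tag then type."""
    return [f"sec_tag {tag}: {CRED_TYPES.get(ctype, f'type {ctype}')}"
            for tag, ctype in sorted(listing)]

def has_root_ca(listing, sec_tag):
    """True if the tag holds the credential used to verify the server."""
    return (sec_tag, 0) in listing

# Constructed sample log (timestamps shortened, digest made up).
DIGEST = "AB" * 32
SAMPLE = "\n".join([
    "T0 DEBUG modem >> AT%CMNG=1",
    f'T1 DEBUG modem << %CMNG: 1,0,"{DIGEST}"',
    f'T1 DEBUG modem << %CMNG: 7,2,"{DIGEST}"',
    "T2 DEBUG modem << OK",
    "T3 DEBUG modem >> AT%CMNG=3,1,0",
    "T4 DEBUG modem << OK",
    "T5 DEBUG modem >> AT%CMNG=1",
    "T6 DEBUG modem << ERROR",
    "T7 DEBUG modem >> AT%CMNG=1",
    f'T8 DEBUG modem << %CMNG: 7,2,"{DIGEST}"',
    "T9 DEBUG modem << OK",
])
```

Running `has_root_ca(listings(log)[-1], 1)` on a saved log shows whether security tag 1 still had a CA entry at the last successful listing, which is worth checking before testing with TLS_PEER_VERIFY set to REQUIRED.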

  • Hi,

    erinh said:
    %SHORTSWVER: nrf9160_1.1.0

    Are you planning to go into production with this modem fw version?

    Is there a specific reason why you're using the v1.1.x branch, and not the newer 1.3.x branch?

    I would recommend that you upgrade the modem fw version, at least to the newest within the minor release.

    Kind regards,

    Håkon

  • It looks like the 1.3.x mfw versions do not support the hardware revision number that's on this board. I updated to 1.2.7 and it looks like the issue has been fixed. Do you know where I can find information about ensuring a particular modem firmware version during production?
